User Contributed Notes 6 notes

Be careful if you are updating to PHP 5.6 since the the Sessions's Write behavior changed. It now only writes the session if you changed the data. So this means that if you rely on your session to update an activity time stamp on the server (to control session expiry) you will end up having issues. Here is a quick fix if you are implementing SessionHandlerInterface:

When you include a php file in your current script it's included, not processed separately, thus it's still within the same page and the current page hasn't finished processing.Thus, session is not set yet. This is the expected behaviour.

If you need to load a page after setting session data, you should set session data and then send a redirection or refresh header (remember not to send anything, not even whitespace before sending headers).

Always consider session data to be updated after the next page load (as in http request completed).

i don't know if anyone wrote a version of phpsessions using redis yet, but since memcache don't have KEYS command, it's hard to know if the users is connected (at app side) or what sessions still active (not expired/not logged)

Please note, that database is NOT recommended for session storage. It can be a big performance bottleneck, especially in replicated environments.

For saving sessions, file handler seems to be very effective for most setups, except those situations: - if performance is an issue, the directory which stores session files can be mounted as tmpfs (ram disk). - if sharing sessions across multiple webservers is needed (in clustered environments), use memcache for storing session information (tip: you can setup more than one instance of memcache eliminate single point of failure). This method, however, sets a limitation of session size to 64k (this should be enough for most applications) - don't use NFS for sharing session files between webservers, it does not handle locking correctly and can cause corruption of session data.

Just some notes - it seems that php does the session writing after the script exits.For example, if you set a bunch of session variables and then run session_regenerate_id() - the session variables are never written to the old session. The new session id is generated when you ask it to be generated, but the session exists only in memory until after the script exits - when the session is written and any and all session variables are written to it.

This caused me some confusion, as I'm running sessions in an sql database rather than flat file, trying to do any manipulation of the session database directly in a script where you have run session_regenerate_id() will fail for the new session ID because the insert hasn't been done yet, and setting any session variables will only be written to the new session, even if set before you regenerate the session ID.

Also - if using a database for sessions, make sure to use mysql_real_escape_string() before saving any session variables.